BinaryMetadataSchema

The BinaryMetadata schema

This schema describes and represents the metadata of an item to be analyzed. It contains the following defined elements:

• sha256: (type: str) - The hash value of the specified item. Always 64 characters in length.
• url: (type: str) The URL from which the contents of the item may be downloaded. Your analysis engine will use this URL to retrieve the actual binary data for analysis.
• architecture: (type: list) A list of string values, which represent the architecture(s) that this item was designed for.
• available_file_size: (type: int, may be None) The number of bytes of the item which may be downloaded through the given URL.
• charset_id: (type: int, may be None) The ID of the character set used by the item.
• comments: (type: str, may be None) Comments associated with the given item.
• company_name: (type: str, may be None) The name of the company producing the associated item.
• copyright: (type: str, may be None) Copyright message associated with the item.
• file_available: (type: bool) Indicates whether the item is actually available for download through the given URL. If this property is False, attempting to download the item may produce an error.
• file_description: (type: str, may be None) Description of the associated item.
• file_size: (type: int, may be None) The number of bytes in the original item. The value of the available_file_size property will be less than or equal to this value.
• file_version: (type: str, may be None) The version number associated with the specified item.
• internal_name: (type: str, may be None) The internal name associated with the specified item.
• lang_id: (type: int, may be None) The ID of the language associated with the specified item.
• md5: (type: str) The MD5 hash value of the specified item. Always 32 characters in length. The value of the sha256 property should be used in preference to this value.
• original_filename: (type: str, may be None) The original name given to the specified item, if it was renamed.
• os_type: (type: str, may be None) The operating system type this item is intended for.
• private_build: (type: str, may be None) Information about the private build status of this item, which indicates that it was built not using standard release procedures.
• product_description: (type: str, may be None) Description of the product this item belongs to.
• product_name: (type: str, may be None) Name of the product this item belongs to.
• product_version: (type: str, may be None) Version number of the product this item belongs to.
• special_build: (type: str, may be None) Information about the special build status of this item, which indicates that it was built using standard release procedures, but differing from the standard item of this name that carries its same version number.
• trademark: (type: str, may be None) Trademark message associated with the item.

N.B.: Much of this data is specific to executable files, and, in particular, to Windows executables that carry a VERSIONINFO resource.